ALIYUN::PrivateLink::VpcEndpoint - 资源编排

ALIYUN::PrivateLink::VpcEndpoint类型用于创建终端节点。

语法

{
  "Type": "ALIYUN::PrivateLink::VpcEndpoint",
  "Properties": {
    "VpcId": String,
    "EndpointName": String,
    "ServiceName": String,
    "Zone": List,
    "SecurityGroupId": List,
    "EndpointDescription": String,
    "ServiceId": String,
    "ProtectedEnabled": Boolean,
    "ZonePrivateIpAddressCount": Number,
    "EndpointType": String,
    "Tags": List
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
VpcId	String	是	否	终端节点所属的专有网络ID。	无
EndpointName	String	否	是	终端节点名称。	长度为2~128个字符，以英文字母或汉字开头。可包含英文字母、汉字、数字、短划线（-）和下划线（_）。
ServiceName	String	否	否	终端节点关联的终端节点服务名称。	无
Zone	List	否	是	可用区。	最多支持10个可用区。更多信息，请参见Zone属性。
SecurityGroupId	List	是	是	终端节点网卡关联的安全组ID，安全组可以管控专有网络到终端节点网卡的数据通信。	最多支持关联10个安全组。
EndpointDescription	String	否	是	终端节点描述。	长度为2~256个字符，不能以`http://`或`https://`开头。
ServiceId	String	否	否	终端节点关联的终端节点服务ID。	无
ProtectedEnabled	Boolean	否	否	是否开启托管保护。	STS调用方式下生效。取值： true：开启托管保护。只有创建终端节点的用户才能通过STS方式对该终端节点进行修改或删除等操作。 false（默认值）：不开启托管保护。
ZonePrivateIpAddressCount	Number	否	否	每个可用区ENI私网IP的数量。	取值：1。
EndpointType	String	否	否	终端节点类型。	取值：Interface，表示终端节点的服务资源类型为slb（传统型负载均衡CLB）的终端节点类型。
Tags	List	否	是	标签列表。	最多支持20个标签。

Zone语法

"Zone": [
  {
    "ZoneId": String,
    "VSwitchId": String,
    "Ip": String
  }
]

Zone属性

属性名称	类型	必须	允许更新	描述	约束
ZoneId	String	否	否	终端节点服务对应的可用区ID。	无
VSwitchId	String	否	否	在可用区内，需要创建终端节点网卡的交换机ID。	无
Ip	String	否	否	指定终端节点可用区的IP。	无

Tags语法

"Tags": [
  {
    "Value": String,
    "Key": String
  }
]

Tags属性

属性名称

类型

必须

允许更新

描述

约束

Key

String

否

实例的标签键。

最多支持20个标签键。一旦传入该值，则不允许为空字符串。

最多支持64个字符，不能以aliyun和acs:开头，不能包含http://或者https://。

Value

String

否

实例的标签值。

最多支持20个标签值。一旦传入该值，可以为空字符串。

最多支持128个字符，不能以aliyun和acs:开头，不能包含http://或者https://。

返回值

Fn::GetAtt

EndpointDomain：终端节点域名。
Bandwidth：终端节点的连接带宽。
EndpointId：终端节点ID。
EndpointName：终端节点名称。
VpcId：终端节点所属的专有网络ID。
ServiceName：终端节点关联的终端节点服务名称。
ServiceId：终端节点关联的终端节点服务ID。
ZoneDomains：可用区域名。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  MasterZoneId:
    Type: String
    Description: The master zone id to create load balancer instance.
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
  SlaveZoneId:
    Type: String
    Description: The slave zone id to create load balancer instance.
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
  VpcId:
    Type: String
    Description: The VPC id to create load balancer instance. For VPC network only.
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  VSwitchId:
    Type: String
    Description: The VSwitch id to create load balancer instance. For VPC network only.
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${MasterZoneId}
  SecurityGroupId:
    Type: CommaDelimitedList
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
    Description: The security group associated with the endpoint network interface. The security group can control the data communication from the VPC to the endpoint network interface.
    MinLength: 1
    MaxLength: 10
Resources:
  LoadBalancer:
    Type: ALIYUN::SLB::LoadBalancer
    Properties:
      SupportPrivateLink: true
      PayType: PayOnDemand
      VpcId:
        Ref: VpcId
      VSwitchId:
        Ref: VSwitchId
      LoadBalancerSpec: slb.s1.small
      LoadBalancerName: TestLoadBalancer
      AddressType: intranet
      MasterZoneId:
        Ref: MasterZoneId
      SlaveZoneId:
        Ref: SlaveZoneId
  VpcEndpointService:
    DependsOn: LoadBalancer
    Type: ALIYUN::PrivateLink::VpcEndpointService
    Properties:
      User:
        - Ref: ALIYUN::AccountId
      ServiceDescription: test service endpoint
      Resource:
        - ZoneId:
            Ref: MasterZoneId
          ResourceId:
            Ref: LoadBalancer
          ResourceType: slb
      ConnectBandwidth: 100
      AutoAcceptEnabled: true
  VpcEndpoint:
    DependsOn: VpcEndpointService
    Type: ALIYUN::PrivateLink::VpcEndpoint
    Properties:
      VpcId:
        Ref: VpcId
      EndpointName: TestEndpoint
      Zone:
        - ZoneId:
            Ref: MasterZoneId
          VSwitchId:
            Ref: VSwitchId
      SecurityGroupId:
        Ref: SecurityGroupId
      ServiceId:
        Ref: VpcEndpointService
Outputs:
  ServiceName:
    Description: The name of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceName
  ServiceDomain:
    Description: The domain name of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceDomain
  ServiceId:
    Description: The ID of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceId
  EndpointDomain:
    Description: The domain name of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - EndpointDomain
  Bandwidth:
    Description: The bandwidth of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - Bandwidth
  EndpointId:
    Description: The ID of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - EndpointId

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "MasterZoneId": {
      "Type": "String",
      "Description": "The master zone id to create load balancer instance.",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId"
    },
    "SlaveZoneId": {
      "Type": "String",
      "Description": "The slave zone id to create load balancer instance.",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId"
    },
    "VpcId": {
      "Type": "String",
      "Description": "The VPC id to create load balancer instance. For VPC network only.",
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "VSwitchId": {
      "Type": "String",
      "Description": "The VSwitch id to create load balancer instance. For VPC network only.",
      "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
      "AssociationPropertyMetadata": {
        "VpcId": "${VpcId}",
        "ZoneId": "${MasterZoneId}"
      }
    },
    "SecurityGroupId": {
      "Type": "CommaDelimitedList",
      "AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
      "AssociationPropertyMetadata": {
        "VpcId": "${VpcId}"
      },
      "Description": "The security group associated with the endpoint network interface. The security group can control the data communication from the VPC to the endpoint network interface.",
      "MinLength": 1,
      "MaxLength": 10
    }
  },
  "Resources": {
    "LoadBalancer": {
      "Type": "ALIYUN::SLB::LoadBalancer",
      "Properties": {
        "SupportPrivateLink": true,
        "PayType": "PayOnDemand",
        "VpcId": {
          "Ref": "VpcId"
        },
        "VSwitchId": {
          "Ref": "VSwitchId"
        },
        "LoadBalancerSpec": "slb.s1.small",
        "LoadBalancerName": "TestLoadBalancer",
        "AddressType": "intranet",
        "MasterZoneId": {
          "Ref": "MasterZoneId"
        },
        "SlaveZoneId": {
          "Ref": "SlaveZoneId"
        }
      }
    },
    "VpcEndpointService": {
      "DependsOn": "LoadBalancer",
      "Type": "ALIYUN::PrivateLink::VpcEndpointService",
      "Properties": {
        "User": [
          {
            "Ref": "ALIYUN::AccountId"
          }
        ],
        "ServiceDescription": "test service endpoint",
        "Resource": [
          {
            "ZoneId": {
              "Ref": "MasterZoneId"
            },
            "ResourceId": {
              "Ref": "LoadBalancer"
            },
            "ResourceType": "slb"
          }
        ],
        "ConnectBandwidth": 100,
        "AutoAcceptEnabled": true
      }
    },
    "VpcEndpoint": {
      "DependsOn": "VpcEndpointService",
      "Type": "ALIYUN::PrivateLink::VpcEndpoint",
      "Properties": {
        "VpcId": {
          "Ref": "VpcId"
        },
        "EndpointName": "TestEndpoint",
        "Zone": [
          {
            "ZoneId": {
              "Ref": "MasterZoneId"
            },
            "VSwitchId": {
              "Ref": "VSwitchId"
            }
          }
        ],
        "SecurityGroupId": {
          "Ref": "SecurityGroupId"
        },
        "ServiceId": {
          "Ref": "VpcEndpointService"
        }
      }
    }
  },
  "Outputs": {
    "ServiceName": {
      "Description": "The name of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceName"
        ]
      }
    },
    "ServiceDomain": {
      "Description": "The domain name of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceDomain"
        ]
      }
    },
    "ServiceId": {
      "Description": "The ID of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceId"
        ]
      }
    },
    "EndpointDomain": {
      "Description": "The domain name of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "EndpointDomain"
        ]
      }
    },
    "Bandwidth": {
      "Description": "The bandwidth of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "Bandwidth"
        ]
      }
    },
    "EndpointId": {
      "Description": "The ID of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "EndpointId"
        ]
      }
    }
  }
}